PRIVACY + SECURITY BLOG

News, Developments, and Insights

high-tech technology background with eyes on computer display

Black Mirror: A Powerful Look at the Dark Side of Privacy, Security, and Technology

In a series of posts, I have written about some of my favorite media regarding privacy and security: TV shows, movies, and novels. When I wrote about TV shows, a number of people recommended the show Black Mirror. I have now seen all the episodes thus far, and I am happily adding it to the […]

Phishing Cartoon: Why Do Phishers Keep Sending Obvious Scam Emails?

Phishing Cartoon

Why do phishers waste their time with such obvious phishing scams when they can do so much better? One possible answer: They don’t have to do better.  They send out so many emails that they only need a very low percentage of people to click.  And people always do.  In fact, if phishing emails became […]

Clearing Up the Fog of Cloud Service Agreements

Contracting with cloud service providers has long been a world shrouded in fog. Across various organizations, cloud service agreements (CSAs) are all over the place, and often many people entering into these contracts have no idea what provisions they should have to protect their data.

The Funniest Password Recovery Questions and Why Even These Don’t Work

Passwords

  A recent article in Wired argues that it is time to kill password recovery questions. Password recovery questions are those questions that you set up in case you forget your password. Common questions are: In what city were you born? What is your mother’s maiden name? Where did you go to high school?

Ransomware: A Cartoon to Brighten More Bad News

Ransomware cartoon

I have good news and bad news about ransomware.  First, the good news — here’s a cartoon I created.  I hope you enjoy it, because that’s the only good news i have.  Now, for the bad news . . . The Bad News: Be Afraid, Very Afraid Everyone seems to be afraid of ransomware these […]

Passwords Cartoon – Security Awareness Training

Cartoon Passwords - TeachPrivacy Security Awareness Training 01

Here’s a cartoon I created to illustrate the importance of security awareness training.  I hope you find it amusing.

Attorney Confidentiality, Cybersecurity, and the Cloud

Law firm data security

There is a significant degree of confusion and lack of awareness about attorney confidentiality and cybersecurity obligations.  This issue is especially acute when it comes to using the cloud to store privileged documents.  A common myth is that storing privileged documents in the cloud is a breach of attorney-client confidentiality.  In other instances, many attorneys […]

New Resource Page: How to Make Security Training Effective

Effective Security Training

I recently created a new resource page —  How to Make Security Training Effective.  The page contains my advice for how  to make security training memorable and effective in changing behavior. Training the workforce is an essential way to protect data security, but not all training endeavors are successful.  Poor training is akin to shouting […]